Claims 



What is claimed is: 



1 1. A computer-implemented method for managing access to a resource, 

2 comprising: 

3 receiving, from a first user having an authentication credential with re- 

4 spect to the resource, a message that a second user be granted 

5 access to the resource; 

6 receiving, from the second user, a request to access the resource; and 

7 responsive to the request from the second user, obtaining the first user's 

8 authentication credential and granting the second user access to 

9 the resource by providing the first user's authentication creden- 
10 tial to the resource. 

2 2. The method of claim 1, wherein granting the second user access com- 

2 prises activating a temporary access credential for the second user. 

1 3. The method of claim 1, wherein granting the second user access com- 

2 prises creating an entity relationship between an account associated with the 

3 second user and an account associated with the first user. 

2 4. The method of claim 3, wherein the account associated with the second 

2 user comprises a support representative account. 
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5. The method of claim 1, wherein the message identifies the second user 
and specifies a level of access for the second user, and wherein granting the sec- 
ond user access comprises granting the specified level of access. 

6. The method of claim 1, wherein the second user belongs to a group of 
users, and the message identifies the group of users to which the second user be- 
longs. 

7. The method of claim 6, further comprising: 

receiving an identifier from the second user, identifying the second user as 
belonging to the group of users. 

8. The method of claim 6, further comprising: 
authenticating the second user as belonging to the group of users. 

9. The method of claim 6, wherein the group comprises support represen- 
tatives. 

10. The method of claim 1, further comprising: 
authenticating the second user; 

and wherein granting the second user access to the resource comprises: 
responsive to the request from the second user and responsive to the au- 
thentication of the second user being successful, granting the 
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6 second user access to the resource by providing the first user's 

7 authentication credential to the resource. 

1 11. The method of claim 1, wherein granting the second user access to the 

2 resource comprises granting the second user a level of access different from the 

3 level of access available to the first user. 

1 12. The method of claim 1, wherein receiving the message comprises re- 

2 ceiving the message via a network. 

1 13. The method of claim 12, wherein receiving the request comprises re- 

2 ceiving the request via the network. 

1 14. The method of claim 12, wherein receiving the request comprises re- 

2 ceiving the request via a second network. 

1 15. The method of claim 1, further comprising storing in an audit log in- 

2 formation describing the second user's access to the resource and identifying the 

3 second user in connection with the access. 

1 16. A computer-implemented method for managing levels of access to a 

2 resource for at least two users, comprising: 

3 establishing a control relationship between a first user's authentication 

4 credential and a second user's authentication credential, the 
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control relationship allowing the first user to specify at least one 
parameter of the second user's level of access to a resource; 
receiving, from the second user, a request to access the resource; and 
responsive to the request from the second user, granting the second user 
access to the resource according to the second user's level of ac- 
cess as specified by the first user. 

17. The method of claim 16, wherein the second user is a support repre- 
sentative. 

18. The method of claim 16, further comprising: 
terminating the second user's access to the resource. 

19. The method of claim 1 or 16, further comprising: 

terminating the second user's access to the resource after a predetermined 
time period. 

20. The method of claim 19, wherein the predetermined time period is se- 
lectable by the first user. 

21. The method of claim 1 or 16, further comprising: 

terminating the second user's access to the resource after the second user 
has accessed the resource a predetermined number of times. 

Case 5907 - 38 - 

16319/05907/DOCS/1185863.3 



1 22. The method of claim 21, wherein the predetermined number of times 

2 is selectable by the first user. 



1 23. The method of claim 1 or 16, further comprising: 

2 terminating the second user's access to the resource in response to a com- 

3 mand received from the first user. 

1 24. The method of claim 1 or 16, further comprising: 

2 terminating the second user's access to the resource in response to a pre- 

3 determined event. 

1 25. The method of claim 1 or 16, further comprising: 

2 responsive to granting the second user access, outputting, to the first user, 

3 notification of the second user's access to the resource. 

1 26. The method of claim 1 or 16, further comprising: 

2 responsive to granting the second user access, storing information describ- 

3 ing the second user's access to the resource. 



2 27. The method of claim 26, wherein storing information comprises stor- 

2 ing the information in an audit log. 

l 28. The method of claim 1 or 16, further comprising: 
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storing information describing at least one subsequent interaction with the 
resource. 

29. The method of claim 28, wherein storing information comprises, for 
each interaction, storing information identifying which user accesses the re- 
source. 

30. The method of claim 1 or 16, wherein the access to the resource by the 
second user is masked so that the resource is unable to distinguish it from access 
by the first user. 

31. The method of claim 16, wherein the first user's level of access is dif- 
ferent from the second user's level of access. 

32. The method of claim 1 or 16, wherein the resource comprises at least 
one selected from the group consisting of: 

a data file; 

a data file stored at a server; 

an application; and 

data associated with the first user. 

33. The method of claim 1 or 16, wherein the steps of the method are per- 
formed by a web-based application. 
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34. A system for granting resource access to a second user in response to a 
message from a first user, comprising: 

an authenticator communicatively adapted to receive over a network con- 
nection authentication credentials of the first and second users 
and adapted to authenticate each user from the authentication 
credentials; 

an access level control module, communicatively coupled to the authenti- 
cator, for defining for each user a level of access to a resource for 
the user; and 

a resource interface, communicatively coupled to the access level control 
module, for granting the second user access to the resource by 
providing the first user's authentication credential to the au- 
thenticator for authentication. 

35. The system of claim 34, wherein the access level control module acti- 
vates a temporary access credential for the second user. 

36. The system of claim 34, wherein the access level control module cre- 
ates an entity relationship between an account associated with the second user 
and an account associated with the first user. 
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37. A system for granting resource access to a second user in response to a 
message from a first user, comprising: 

an access level control module, for establishing a control relationship be- 
tween the first user's authentication credential and the second 
user's authentication credential, the control relationship allow- 
ing the first user to control at least one parameter of the second 
user's level of access; and 

a resource interface, coupled to the access level control module, for grant- 
ing the second user access to the resource according to the sec- 
ond user's level of access, by providing the first user's authenti- 
cation credential to the resource. 

38. The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the resource. 

39. The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the resource after a predetermined time 
period. 

40. The system of claim 39, wherein the predetermined time period is se- 
lectable by the first user. 
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41. The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the resource after the second user has ac- 
cessed the resource a predetermined number of times. 

42. The system of claim 41, wherein the predetermined number of times is 
selectable by the first user. 

43. The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the resource in response to a command re- 
ceived from the first user. 

44. The system of claim 34 or 37, wherein the resource interface further 
terminates the second user's access to the resource in response to a predeter- 
mined event. 

45. The system of claim 34 or 37, further comprising: 

an output device, coupled to the resource interface, for outputting, to the 
first user, notification of the second user's access to the resource. 

46. The system of claim 34 or 37, further comprising: 

a storage device, coupled to the resource interface, for storing information 
describing the second user's access to the resource. 
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47. The system of claim 46, wherein the storage device stores information 
identifying which user accesses the resource. 

48. The system of claim 34 or 37, wherein the access to the resource by the 
second user is masked so that the resource is unable to distinguish it from access 
by the first user. 

49. The system of claim 34 or 37, wherein the resource comprises at least 
one selected from the group consisting of: 

a data file; 

a data file stored at a server; 

an application; and 

data associated with the first user. 

50. In a client/ server system for granting resource access to a second user 
in response to a message from a first user specifying that the second user be 
granted access to the resource, a server comprising: 

an authenticator, for authenticating each user according to authentication 
credentials; 

an access level control module, coupled to the authenticator, for defining a 
level of access to the resource for each user; and 
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a resource interface, coupled to the access level control module, for grant- 
ing to a client operated by the second user access to the resource 
by providing the first user's authentication credential to the re- 
source. 

51. In a client/ server system for granting resource access to a second user 
in response to a message from a first user specifying that the second user be 
granted access to the resource, a server comprising: 

an access level control module, for establishing a control relationship be- 
tween the first user's authentication credential and the second 
user's authentication credential, the control relationship allow- 
ing the first user to control at least one parameter of the second 
user's level of access; and 

a resource interface, coupled to the access level control module, for grant- 
ing to the client operated by the second user access to the re- 
source according to the second user's level of access, by provid- 
ing the first user's authentication credential to the resource. 

52. In a client/ server system for managing user access to a resource, in- 
cluding a server having an authenticator for authenticating at least two users ac- 
cording to authentication credentials, an access level control module for defining 
a level of access to the resource for each of at least a first user and a second user, 
and a resource interface for granting to the second user access to the resource by 
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providing the first user's authentication credential to the resource, a client com- 
prising: 

an input device, for receiving input from a first user specifying that a sec- 
ond user be granted access to the resource; and 

an output device, for transmitting the received input to the access level 
control module to grant to the second user the access to the re- 
source. 

53. In a client/ server system for managing user access to a resource in- 
cluding a server having an access level control module for establishing a control 
relationship between a first user's authentication credential and a second user's 
authentication credential, the control relationship allowing the first user to con- 
trol at least one parameter of the second user's level of access, and a resource in- 
terface for granting to the client operated by the second user access to the re- 
source according to the second user's level of access, by providing the first user's 
authentication credential to the resource, a client comprising: 

an input device, for receiving input from a first user specifying that a sec- 
ond user be granted access to the resource and for receiving in- 
put from the first user specifying at least one parameter of the 
second user's level of access; and 
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an output device, for transmitting the received input to the access level 
control module to grant to the second user the access to the re- 
source. 

54. A computer program product comprising a computer-usable medium 
having computer-readable code embodied therein for managing access to a re- 
source, comprising: 

computer-readable program code configured to cause a computer to re- 
ceive, from a first user having an authentication credential with 
respect to the resource, a message that a second user be granted 
access to the resource; 

computer-readable program code configured to cause a computer to re- 
ceive, from the second user, a request to access the resource; and 

computer-readable program code configured to cause a computer to, re- 
sponsive to the request from the second user, obtain the first 
user's authentication credential and grant the second user ac- 
cess to the resource by providing the first user's authentication 
credential to the resource. 

55. The computer program product of claim 54, wherein the computer- 
readable program code configured to cause a computer to grant the second user 
access comprises computer-readable program code configured to cause a com- 
puter to activate a temporary access credential for the second user. 
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56. The computer program product of claim 54, wherein the computer- 
readable program code configured to cause a computer to grant the second user 
access comprises computer-readable program code configured to cause a com- 
puter to create an entity relationship between an account associated with the sec- 
ond user and an account associated with the first user. 

57. The computer program product of claim 54, further comprising: 
computer-readable program code configured to cause a computer to au- 
thenticate the second user; 

and wherein the computer-readable program code configured to cause a 
computer to grant the second user access to the resource comprises: 

computer-readable program code configured to cause a computer to, re- 
sponsive to the request from the second user and responsive to 
the authentication of the second user being successful, grant the 
second user access to the resource by providing the first user's 
authentication credential to the resource. 

58. A computer-implemented computer program product for managing 
levels of access to a resource for at least two users, comprising: 

computer-readable program code configured to cause a computer to es- 
tablish a control relationship between a first user's authentica- 
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tion credential and a second user's authentication credential, the 
control relationship allowing the first user to specify at least one 
parameter of the second user's level of access to a resource; 

computer-readable program code configured to cause a computer to re- 
ceive, from the second user, a request to access the resource; and 

computer-readable program code configured to cause a computer to, re- 
sponsive to the request from the second user, grant the second 
user access to the resource according to the second user's level 
of access as specified by the first user. 

59. The computer program product of claim 54 or 58, further comprising: 
computer-readable program code configured to cause a computer to, re- 
sponsive to granting the second user access, store information 
describing the second user's access to the resource. 

60. The computer program product of claim 54 or 58, further comprising: 
computer-readable program code configured to cause a computer to store 

information describing at least one subsequent interaction with 
the resource. 

61. The computer program product of claim 60, wherein the computer- 
readable program code configured to cause a computer to store information 
comprises, computer-readable program code configured to cause a computer to, 
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4 for each interaction, store information identifying which user accesses the re- 

5 source. 

1 62. The computer program product of claim 54 or 58, wherein the access 

2 to the resource by the second user is masked so that the resource is unable to dis- 

3 tinguish it from access by the first user. 
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